Latest libpng libpng Vulnerabilities

CVE-2022-3857
A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.
Libpng Libpng=1.6.38
CVE-2021-4214
A vulnerability was reported in Libpng where the input buffer might not have the same length as the pre-defined value hardcoded in the pngimage so that the index is out of bound in the later loop. Re...
Libpng Libpng=1.6.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
NetApp ONTAP Select Deploy administration utility
debian/libpng1.6<=1.6.36-6<=1.6.37-3<=1.6.39-2<=1.6.40-2
CVE-2017-12652
libpng before 1.6.32 does not properly check the length of chunks against the user limit.
Libpng Libpng<1.6.32
Netapp Active Iq Unified Manager Vsphere
CVE-2018-14550
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.
Libpng Libpng=1.6.35
Oracle Hyperion Infrastructure Technology=11.1.2.6.0
Oracle Mysql Workbench<=8.0.23
Netapp Active Iq Unified Manager Vmware Vsphere
NetApp OnCommand API Services
CVE-2019-7317
A use-after-free vulnerability was discovered in the png_image_free function in the libpng library. This could lead to denial of service or a potentially exploitable crash when a malformed image is pr...
debian/libpng1.6<=1.6.28-1<=1.6.36-3<=1.6.36-2
Mozilla Thunderbird<60.7
Mozilla Firefox ESR<60.7
Mozilla Firefox<67
Libpng Libpng>=1.6.0<1.6.37
Debian Debian Linux=8.0
and 99 more
CVE-2019-6129
** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."
Libpng Libpng=1.6.36
=1.6.36
CVE-2018-13785
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file...
Libpng Libpng=1.6.34
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=17.10
Canonical Ubuntu Linux=18.04
Oracle JDK=1.6.0-update201
and 17 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203